By mid-December, the federal government is planning to quietly enact what could be the largest consolidation of personal data in the history of the republic. If you think identity theft is a problem now, wait until Uncle Sam serves up critical information on 300 million American citizens on a platter.

Hyperbole? Unlikely. Here's why: As the Patient Protection and Affordable Care Act lurches toward full implementation on Jan. 1, 2014, only a handful of states (California, Massachusetts, Maryland, Oregon and Washington) are likely to be truly ready to operate state exchanges by next October. These exchanges are supposed to be the primary mechanism for giving federal subsidies to uninsured, low-income Americans. Without state exchanges, ObamaCare runs into trouble.

ObamaCare's fail-safe mechanism is the creation of a federal exchange the administration has quietly put in motion. If the plan were simply a Travelocity-style portal for choosing different insurance products across state lines, we would support it. In fact, the federal government already has similar exchanges for Medicare Advantage plans and Part D prescription drug plans.

ObamaCare's federal exchange, however, will be very different from these earlier efforts or emerging private exchanges such as eHealthInsurance.com. In order to determine eligibilty for health insurance subsidies, the new exchange has to bring together information about you and your family from the Treasury Department and IRS, the Department of Homeland Security, the Department of Justice, as well as your Social Security number — all coordinated by the Department of Health and Human Services.

Centralized data hub

The data gathering is sensible, in the abstract. Similar information is collected when you apply for a mortgage. But when the constantly updated information is combined in a central data hub, the potential for abuse is staggering. For one thing, the hub will have all the details needed to steal identities and fraudulently access credit.

Given the enormous complexity of the task, and the extremely tight deadlines specified under ObamaCare, you would hope that the Obama administration would have been open about exactly how this is being put together, how it will work and what the privacy protections will be. That's not the case.

Hidden details

It took digging to discover just the names of the two vendors awarded $142 million to create the federal exchange. We only found out about the firms after a state insurance commissioner inadvertently posted documents on the Web. The documents also revealed that the federal data will be combined with data streams from state governments. This hub will achieve what has, until now, only appeared in pulp thrillers: a central database linking critical state and federal data on every U.S. citizen for real-time access.

Congress should be concerned about the ability of government to keep the data hub secure. Data security is already dismal.

According to an April RAND Corporation report, the feds might lose up to $98 billion annually to Medicare and Medicaid fraud and abuse, significant amounts of that related to the theft of personal information from government databases. And the political pressure to complete the hub before the exchanges begin enrolling applicants next fall will only add to the temptation to cut corners and declare success with a shoddy product not ready for prime time.

The data security aspect of ObamaCare's health insurance exchanges has received little scrutiny and less thought. Congress has a responsibility to ensure that the federal exchange doesn't become a data privacy disaster.

Stephen T. Parente is a finance professor at the University of Minnesota. Paul Howard is director of the Manhattan Institute's Center for Medical Progress.